Channel: Directory Services forum

nested group membership design question


I have several divisional file shares. Within each of those file shares is a folder for every department. I want to make a security group for accessing each department folder. I also have a divisional admin security group. I want to have my divisional admin security group be a member of every departmental security group. That way, I can give the division admin user permissions to every department folder with a single group membership for that user.

To further complicate things, within some departments there are units. I want to do the same thing where I have security groups for the units, of which the divisional admin security group is also a member. The following directory path illustrates the layout. There is some obvious inheriting stuff going on, but we don’t need to discuss that here :). The example shows 1 division with 3 departments. Department 1 has 1 unit, department 2 has 2 units, and department 3 has 3 units. If I were to nest everything like I want and add my admin user to the divisional admin security group, that user would be a direct member of 1 group and an indirect member of 9 groups via the nesting. This example is small for what we’re doing. We have one case where a division has 50 departments with an average of 3 units. Adding my admin user as a member to the divisional admin security group would give that user 1 direct group membership and 200 indirect group memberships. I've read up on token bloat and we do have a lot of users that work remotely over a VPN connection via their home cable or DSL connection, so that’s a concern. Another thought is all of these groups will be universal groups; we're in the midst of our file servers and users being in different domains. That said, there's also the concern of added GAL replication among our DCs. Is there anything else I’m missing?

Thanks for the help!

\\server\Division Share #1\Department Folder #1\Unit #1

\\server\Division Share #1\Department Folder #2\Unit #1

\\server\Division Share #1\Department Folder #2\Unit #2

\\server\Division Share #1\Department Folder #3\Unit #1

\\server\Division Share #1\Department Folder #3\Unit #2

\\server\Division Share #1\Department Folder #3\Unit #3
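
An added example, not part of the original post: a small offline model of the nesting described above that expands the divisional admin group's transitive memberships and applies Microsoft's published access-token size estimate (1200 + 40d + 8s bytes). The group names are constructed, and only the groups from this design are counted, not the user's other memberships.

```python
from collections import deque

ADMIN = "Div1-Admins"  # constructed name for the divisional admin group

def build_layout(units_per_department):
    """Return {group: groups it is a direct member of} for one division.

    Models the post's design: the admin group is nested directly into
    every department group and every unit group.
    """
    member_of = {ADMIN: set()}
    for d, units in enumerate(units_per_department, start=1):
        dept = f"Div1-Dept{d}"
        member_of[dept] = set()
        member_of[ADMIN].add(dept)
        for u in range(1, units + 1):
            unit = f"{dept}-Unit{u}"
            member_of[unit] = set()
            member_of[ADMIN].add(unit)
    return member_of

def effective_groups(direct, member_of):
    """Transitive closure of group membership (breadth-first, cycle-safe)."""
    seen, queue = set(direct), deque(direct)
    while queue:
        for parent in member_of.get(queue.popleft(), ()):
            if parent not in seen:
                seen.add(parent)
                queue.append(parent)
    return seen

def estimate_token_bytes(d, s):
    """d: domain local groups plus universal groups outside the user's
    account domain; s: global groups plus universal groups inside it."""
    return 1200 + 40 * d + 8 * s

def report(units_per_department):
    n = len(effective_groups({ADMIN}, build_layout(units_per_department)))
    return {
        "direct": 1,
        "indirect": n - 1,
        # every universal group lives in the user's own account domain
        "bytes_same_domain": estimate_token_bytes(0, n),
        # every universal group lives in a different domain than the user
        "bytes_other_domain": estimate_token_bytes(n, 0),
    }

if __name__ == "__main__":
    print(report([1, 2, 3]))   # the 3-department example from the post
    print(report([3] * 50))    # 50 departments with 3 units each
```

The two byte figures bracket the cost of these groups alone; which end applies depends on whether the universal groups sit in the user's account domain or in another one.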

